package com.dingding.special.controller.interceptor;

import javax.servlet.http.HttpServletResponse;

import org.apache.http.HttpStatus;
import org.apache.log4j.Logger;

import com.dingding.common.core.util.DateFormatUtil;
import com.dingding.common.core.util.SHA1Util;
import com.dingding.common.core.util.ToolUtil;

/**
 * 
 * @ClassName: URLValidate 
 * @Description: URL校验
 * @author CHEHAUNBO 
 * @date 2016年6月3日 下午10:41:13
 * 
 */
public class URLValidate {

	private static final Logger log = Logger.getLogger(URLValidate.class);

	/**
	 * url 签名校验
	 * 
	 * @Title: validate 
	 * @param timeStamp 请求时间戳
	 * @param accesstoken 用户唯一授权码
	 * @param signature  URL签名
	 * @return  true 
	 * @author CHEHAUNBO
	 * 
	 */
	public static boolean validate(HttpServletResponse response, String url, String timeStamp, String signature) {

		if (ToolUtil.isBlank(timeStamp) || ToolUtil.isBlank(signature)) {
			return false;
		}

		// 时间戳校验
		if (!timeStampCheck(timeStamp)) { // 校验失败
			return false;
		}

		// 授权码校验
		urlCheckSign(url, timeStamp, null, signature);
		// 签名校验

		return true;

	}

	/**
	 * url 签名校验
	 * 
	 * @Title: validate 
	 * @param timeStamp 请求时间戳
	 * @param accesstoken 用户唯一授权码
	 * @param signature  签名
	 * @return   
	 * @author CHEHAUNBO
	 * 
	 */
	public static boolean validate(HttpServletResponse response, String url, String timeStamp, String accesstoken,
			String signature) {

		if (ToolUtil.isBlank(timeStamp) || ToolUtil.isBlank(accesstoken) || ToolUtil.isBlank(signature)) {

			return false;
		}

		// 时间戳校验
		if (!timeStampCheck(timeStamp)) { // 校验失败
			setStatus(response);
		}

		// 授权码校验
		urlCheckSign(url, timeStamp, accesstoken, signature);
		// 签名校验
		response.setStatus(HttpStatus.SC_FORBIDDEN);

		return true;

	}

	/**
	 * 
	 * 验证URl签名是否正确
	 * 
	 * @Title: urlCheckSign 
	 * @param url 客户端请求的URL地址
	 * 		  timeStamp 请求时间戳
	 *        signature 客户端对URL的签名
	 * @return boolean true 校验成功 false 校验失败 
	 * @author CHEHAUNBO
	 * 
	 */
	public static boolean urlCheckSign(String url, String timeStamp, String signature) {
		return urlCheckSign(url, timeStamp, null, signature);
	}

	/**
	 * 
	 * 验证URl签名是否正确
	 * 
	 * @Title: urlCheckSign 
	 * @param url 客户端请求的URL地址
	 *  	  timeStamp 请求时间戳
	 *  	  accesstoken 用户授权码
	 *        signature 客户端对URL的签名
	 * @return boolean true 校验成功 false 校验失败 
	 * @author CHEHAUNBO
	 * 
	 */
	public static boolean urlCheckSign(String url, String timeStamp, String accesstoken, String signature) {

		String urlsign = url.substring(url.indexOf("authorapi") - 1) + timeStamp;

		if (ToolUtil.isNotBlank(accesstoken)) {
			urlsign += accesstoken;
		}
		// SHA1加密
		String sha1HexData = SHA1Util.sha1Hex(urlsign);

		if (!sha1HexData.equals(signature)) {
			log.error("客户端请求的URL签名错误！");
			return false;
		}

		return true;
	}

	/**
	 * 
	 * 校验请求是否已经过时
	 * 
	 * @Title: timeStampCheck 
	 * @return   boolean true 未过时 false 已过时
	 * @author CHEHAUNBO
	 * 
	 */
	public static boolean timeStampCheck(String timeStamp) {

		Long seconds = (DateFormatUtil.getTimeInMillis() - Long.parseLong(timeStamp)) / 1000;

		if (seconds > 30) { // 当前URL请求时间超时30秒，判为URL无效
			log.error("客户端请求的URL已经超时！");
			return false;
		}

		return true;

	}

	public static void setStatus(HttpServletResponse httpServletResponse) {
		httpServletResponse.setStatus(HttpStatus.SC_FORBIDDEN);
	}

}
